On Tue, Oct 2, 2012 at 7:45 PM, Michael Demeter <michael.deme...@intel.com> wrote: > > Continuation would then be to eliminate any unnecessary work being > done to increase the randomness..Since the HW generated values > can be used directly. This could help a small little bit in performance > (but that is a secondary effect)…
The code in mozilla/security/nss/lib/freebl/drbg.c implements one of the deterministic random bit generators (DRBGs) specified in NIST SP 800-90 (the Hash_DRBG). It is necessary for FIPS 140-2 validation. For this reason NSS can't use hardware-generated values directly. Wan-Teh -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto